1. Field of the Invention
This invention relates generally to security systems and methods, and more particularly, to a secure authentication and transaction system and method.
2. General Background and State of the Art
In a communications network such as the Internet, security issues arise in connection with remote authentication of users to web sites. Remote authentication is a bi-directional problem manifesting itself in several well-known attack profiles such as Phishing (a direct attack on the user), and brute force (an attack on the web site). All attacks are designed to gain access to an account or accounts without authorization. The fundamental challenge can be summarized as a failure to determine with complete accuracy if either end of the communication channel is successfully communicating with the correct entity.
Encryption techniques utilized to provide security include symmetric key encryption, where the same key encrypts and decrypts, and asymmetric key encryption, where one key encrypts and a different key decrypts. With a good asymmetric key encryption, it is difficult to get the decryption key even if the encryption key is known. Public Key Encryption is used to establish a secure connection. Assurance messages or images are in attempt at 2-way authentication such that users not only have to authenticate themselves to the site but the site authenticates itself to the users.
In a common way to authenticate users to a system, the user's public key has to be known to the server so a challenge phrase can be encrypted by the server using the client's public key. Only the real user will have the private key able to decrypt the message and respond. One Time Passwords (OTP) is another way to authenticate users. OTP is a hardware device that uses a random number generator to generate password at given intervals.
In the secure authentication and transaction system and method herein, a Client Token is directly connected to an Authentication Server, for enabling authentication of the Client and secure logins and transactions, in the background, while the Client Browser is connected to the Website. This eliminates the need for the Client to provide confidential personal and credit information to the Website, where security of such confidential information is at risk of interception and fraudulent use by fraudsters (persons committing fraud) and hackers. These fraudsters and hackers use techniques to acquire confidential information by launching effective malicious attacks, such as phishing, pharming, key-loggers, encryption-breaking, pass code-guessing, man-in-the-middle, SQL injection, and/or denial-of-service, all of which are, attacks which are inhibited by the system and method herein.
An Authentication Server provides a means for secure web browsing and payment transaction between client and E-merchant. The authentication server acts as a trusted third party for storing client data such as log-on and credit card information. The system eliminates the need for a client to maintain numerous log-in parameters and to provide financial information directly to a web merchant.
Attacks on servers include SQL Injections, Brute Force/Password Guessing, and DoS Attack. Attacks on Users include Phishing, Pharming, Key Loggers, and Cross-site scripting. Hybrid Attacks include Man In the Middle.
Terms used in the description of the secure authentication and transaction system herein include the following:
Phishing is e-mail fraud. A fraudulent e-mail is sent as bait for a scam. It can be anything from a request to login to your account to buy an item at a wonderful low price, to a notification that you have won a free gift where you just have to pay for shipping. Reality is they just want your card numbers or login information or some other piece of information that can be used for profit. In its most popular form, it occurs when numerous accountholders receive an e-mail, allegedly sent by a financial institution, persuading them to supply private identifying personal and account information online. Phishing scams are one of the most rapidly growing forms of fraud on the Internet, and are the latest addition to the global identity theft epidemic. Phished is where a phony server displays a page that looks like the real one. Users can be easily fooled by this server and unwittingly give their (user name) and (token) to the wrong server. The wrong server or fraudsters can then login to the real site and take control. It is one time use only, because there is a time interval (attackers can only gain access to the accounts as they are Phished, not whenever they want).
Pharming is an attack on the DNS (Domain Name Server). Throughout the Internet, a series of domain name servers (DNS) quietly resolve the familiar addresses you type into specific Internet addresses. These servers are basically large directories of common names such as Amazon, Google, and Microsoft, and IP-specific addresses that you never see. For example, if you type www.cnet.com, this request goes to your nearest DNS server, which then locates the registered Internet address for the Web server at CNET Networks. It's much more convenient than always remembering 222.123.0.0 or something similar. However, this translation is also a weak link in the Internet's infrastructure. With every Internet request first bouncing off a DNS server somewhere on the planet, criminal hackers realized (some time ago) that rather than flooding a specific domain and effectively hiding it from the rest of the world (in what's known as a denial-of-service attack), they can either change the DNS record or take down the DNS system altogether. By making a phony site and changing the DNS record, a fraudster will not only fool the user, he/she will also fool your browser. If this is done to a financial institution or merchant site, fraudsters can get credit card numbers and personal information that can be used later on for identity theft.
Key-loggers are small programs that run in the background on your computer and capture every key stroke you make. With this kind of an attack a user can go to legitimate sites like their bank and/or merchant sites and the key-logger will record all of the usernames, passwords, and card numbers used to login and make purchases. Verification services like Verified by VISA are rendered useless because everything that a user must type to verify themselves can be recorded by the key-logger.
Encryption braking—Fraudsters have generally taken the path of least resistance, and with all of the easy ways to get card numbers and or identity information, encryption braking is still a threat. Fraudsters have tools that can break outdated encryption algorithms. It only takes one clever hacker to write a program to break an encryption algorithm and then share it online. That is when an encryption algorithm becomes outdated.
Password guessing—Some sites are vulnerable to password guessing. Attempted solutions include locking out a user with too many failed attempts.
Trojan horse—Trojan horse attacks pose one of the most serious threats to computer security. According to legend, the Greeks won the Trojan War by hiding in a huge, hollow wooden horse to sneak into the fortified city of Troy. In today's computer world, a Trojan horse is defined as a malicious, security-breaking program that is disguised as something benign. For example, you download what appears to be a movie or music file, but when you click on it, you unleash a dangerous program that erases your disk, sends your credit card numbers and passwords to a stranger, or lets that stranger hijack your computer to commit illegal denial of service attacks.
Man in the middle—In cryptography, a man in the middle attack (MITM) is a type of attack where a user gets between the sender and receiver of information and sniffs any information being sent. In some cases users may be sending unencrypted data, which means a man-in-the-middle can easily obtain any unencrypted information. In other cases an attacker may be able to obtain the encrypted information from the attack, but have to de-encrypt the information before it can be read. A hacker can also be inline between B and C using a sniffing program to watch the conversation. This is known as a man-in-the-middle attack. A common component of such an attack is to execute a denial-of-service (DoS) attack against one end-point to stop it from responding. This attack can be either against the machine to force it to crash, or against the network connection to force heavy packet loss.
Session hijacking—TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentications only occur at the start of a TCP session, this allows the hacker to gain access to a machine. A popular method is using source-routed IP packets. This allows a hacker at point A on the network to participate in a conversation between B and C by encouraging the IP packets to pass through its machine. If source-routing is turned off, the hacker can use blind hijacking, whereby it guesses the responses of the two machines. Thus, the hacker can send a command, but can never see the response. However, a common command would be to set a password allowing access from somewhere else on the Internet.
Hash Function—A hash function H is a transformation that takes a variable-size input m and returns a fixed-size string, which is called the hash value h (that is, h=H(m)). Hash functions with just this property have a variety of general computational uses, but when employed in cryptography the hash functions are usually chosen to have some additional properties. The basic requirements for a cryptographic hash function are:—The input can be of any length. The output has a fixed length. H(x) is relatively easy to compute for any given x. H(x) is one-way. H(x) is collision-free. A hash function H is said to be one-way if it is hard to invert, where hard to invert means that given a hash value h, it is computationally unfeasible to find some input x such that H(x)=h. If, given a message x, it is computationally infeasible to find a message y not equal to x such that H(x)=H(y) then H is said to be a weakly collision-free hash function. A strongly collision-free hash function H is one for which it is computationally infeasible to find any two messages x and y such that H(x)=H(y). The hash value represents concisely the longer message or document from which it was computed.
Multiple Shiftkey Replacement (MSR) is an example of a patternless encryption and decryption system and method. Salt—Salt is a term used when talking about Hash Functions. Salt is a random string added to the message string before it is hashed. Although Hash Functions are one way and can't be reversed, an attacker can hash guessed messages and compare the hashed numbers to captured hashed number to get useful information. This kind of an attack is not feasible when salt is added. In the SuperCash system, the “Salt” is different for every transaction, making the hashed number unique for every transaction, making an attack useless anyway.
Small Key/Large Key Encryption—The Large Key is a standard MSR Key,—It includes random sets of replacement cipher text characters for each plain text character and a random set for the encoding Matrix and a random set for null or place holders so that the message will be in matrix sized chunks. The Small Key is a password that only the user should know. The Small Key affects the whole encryption process.
Token system—A current device that produces a predictable pseudo-random number in given intervals and the authenticating server produces the same pseudo-random number in the same intervals. A user is asked to give a (user name) and (the token) or pseudo-random number. The authenticating server compares the numbers to authenticate. The token device is expensive. The token device can be USB device. For a strong fraud preventing device the USB device should have its own processor like a smart card so that the Disk can't be copied or tampered with. For an economical device a standard medium can be used.
Cash files or one time cash files—Client information double encrypted, once using a hidden key on the Disk or PC, again using a password or PIN number known only to the user. Disk—Refers to any removable media. Client—Person or entity that wants to initiate a transaction. Fraudster—Person attempting to commit a fraud. Gateway—The system/server that is used to process transactions for merchants or other institutions like e-trade, check free, bill paying services, and the like. It also refers to system/server that is used for remote logins/authentication.
A version of a secure payment transaction system and method herein is referred to as “SuperCash,” which is a system that can handle transactions from Credit, Debit or Prepaid accounts like VISA, MasterCard, American Express, Discover, check cards, gift cards, ATM cards basically customer to business or business to business. Another version of a secure check transaction system and method herein is referred to as “SuperCheck,” which is a system that can handle transactions that are normally done with personal check, business checks, payroll, travelers checks, money orders, cashers checks, rebate checks or the like, with the ease of an e-mail. A further version of a secure authentication system and method herein is referred to as “SuperID,” which is a system that allows a remote client to login securely.